CVE-2022-2569
published 2022-08-24CVE-2022-2569: The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database…
PriorityP424medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
EPSS
0.13%
3.0th percentile
The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arc_informatique | pcvue_12_oauth_web_service_configuration | >= All < 12.0.27 | 12.0.27 |
| arc_informatique | pcvue_15_oauth_web_service_configuration | — | — |
| arcinformatique | pcvue | < 12.0.27 | 12.0.27 |
| arcinformatique | pcvue | 15 – 15.2.2 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w882-jpr6-qrvg: The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth databa
ghsa_unreviewed·2022-08-25
CVE-2022-2569 [MEDIUM] CWE-312 GHSA-w882-jpr6-qrvg: The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth databa
The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users
CISA ICS
ARC Informatique PcVue (Update A)
cisa_ics·2022-08-23
ARC Informatique PcVue (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
ARC Informatique PcVue (Update A)
Last RevisedSeptember 29, 2022
Alert CodeICSA-22-235-01
Skip to main content Toolbar items Manage Administration menu Tools Extend Tools Content Extend Content Structure Configuration Extend Configuration Help Horizontal orientation dgloria Edit ICS Advisory ARC Informatique PcVue (Update A) Primary tabs View Edit(active tab) Delete Revisions Breadcrumb Home ARC Informatique PcVue (Update A) Is Medical Advisory No Yes Title ARC Informatique PcVue (Update A) docid ICSA-22-235-01 Enter a document ID in the form of ICSA-YY-XXX-ZZ Where Y is the 2 di
CISA ICS
ARC Informatique PcVue
cisa_ics·2022-08-23·CVSS 5.5
[MEDIUM] ARC Informatique PcVue
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
ARC Informatique PcVue
Last RevisedAugust 23, 2022
Alert CodeICSA-22-235-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 5.5
- ATTENTION: Low attack complexity
- Vendor: ARC Informatique
- Equipment: PcVue
- Vulnerability: Cleartext Storage of Sensitive Information
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to access the OAuth web service database.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following ARC Informatique product components are affected:
- PcVue 12 OAuth web service configuration
- PcVue 15 OAuth web service
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-08-24
Published